Secret links between Trump and Russian bank’s servers uncovered


When a group of computer scientists set out to determine whether hackers were interfering with the Donald Trump campaign, they found shocking results and revealed to the world that Trump has maintained a private server for exclusive communication with a Russian bank.

However, the campaign has denied the report of any relationship with Alfa Bank, Russia’s largest private commercial bank in Moscow, and so has the bank.

Earlier, the presidential candidate, who has lauded Russian president Vladimir Putin for his leadership, has also been accused of the same in connection with spying on his rival, Hillary Clinton. Rumors of an internet connection between the bank and a web address linked to the Trump Organization have been circulating in Washington for a number of weeks.

The group of computer scientists, nicknamed Tea Leaves, claimed that the organization's servers were designed to communicate in a 'secretive' way.

Earlier this year, Russian hackers infiltrated the servers of the Democratic National Committee, an attack persuasively detailed by the respected cybersecurity firm CrowdStrike.

The Slate website, which published the report, conducted an investigation into the means by which the scientists uncovered this data and the extent to which it may be linked to the 2016 election. Currently, sufficient evidence does not exist to bring forth allegations. However, the evidence found is reasonable enough to trust.

Closer observation revealed that the server, registered to the Trump Organization on Fifth Avenue, was communicating exclusively and covertly with Alfa Bank’s two servers.

The Trump Organization server was created in 2009 for marketing purposes, but the campaign’s press secretary, Hope Hicks, has said that the server “operated by a third-party has not been used since 2010. The current traffic on the server from Alphabank’s IP address is regular DNS server traffic – not email traffic.”

The scientists have claimed that Trump’s servers went dark after reporters pounded the organisation with questions.

Alfa Bank, helmed by Mikhail Fridman and Pyotr Aven, does have dealings in the United States. LetterOne, one of the bank’s holding companies, invested $200 million in Uber this year and intends to commit $3 billion to United States health care. Alfa Bank has not involved itself in shady business; it has even received an award for “Corporate Citizenship.”

Denying all the reports and links with the campaign, Alfa Bank has said that the cybersecurity experts hired by the bank are investigating the matter and have doubts that the activity could have been caused by a spam attack.

The relationship between the Trump Organization and Alfa Bank also seems connected to or at least influenced by the election.

Tea Leaves encountered the server registered to the Trump Organization by scouring the domain name system (DNS). According to the DNS specialists, two Alfa Bank servers accounted for 87% of the DNS lookups involving the Trump Organization server.

The DNS is the internet's naming system. It translates the name of a website that a user types in into the address of the server that hosts it, which is how the user lands on the appropriate page.

Trump has indicated that he favors Russia, from his disinclination to protect NATO allies from a Russian attack, to his campaign’s alleged demand that the GOP adjust its position on Ukraine so that it was more amenable to Russia. And Russia is suspected of hacking into Democratic National Committee emails, and into other voting systems in the U.S. Russian officials have even asked to be present at polling stations on November 8.

Though more evidence is awaited, this looks like a grave matter.

'Smishing' Attacks Again Target Users In UK

As the clocks in the UK went back by one hour, hackers were up to their old tricks and began targeting Apple users with a phishing scam in the hopes of stealing personal details like usernames, passwords, and even driving licence and passport numbers.

Hackers posing as Apple send an SMS warning users that their Apple ID is about to expire and urging them to update it by clicking the provided link. The link redirects users to a fake Apple ID login page that prompts them to enter their username, password and other sensitive information such as card details, passport number, driving licence number and mother's maiden name.

Smishing campaigns (phishing via SMS messages) are one of the common tools used by online scammers to steal sensitive user data without alerting users to any suspicious activity. This method gives hackers enough time to infiltrate user accounts and obtain data while users generally remain clueless about the loss of their data.

Apple users have been targeted in similar ways in the past by convincing-looking replicas of the real Apple ID login page. They were targeted in a similar manner in May, and in June received messages claiming their iCloud account had been deactivated.

Erica Garner Slams Hillary's Campaign Over Her Father's Wikileaks Emails

Erica Garner, the daughter of a black man named Eric Garner, who was killed by a New York Police Department officer, has slammed the Hillary Clinton campaign over internal emails recently published by WikiLeaks that mention her and her father.

The email correspondence was a discussion about whether the death of Garner’s father should be used in a Clinton opinion piece for New York Daily News on gun violence.

"I'm troubled by the revelation that you and this campaign actually discussed 'using' Eric Garner ... Why would you want to 'use' my dad," tweeted Erica Garner. “It was obvious that the two white men that were on the email chain didn’t even know that my dad wasn’t shot. It was clear that he was just a dead body for them to manipulate for their use. White liberals have been trying to cram racism into the box of gun violence for a while now.”

Eric Garner died in 2014 after New York police officer Daniel Pantaleo used a chokehold while attempting to arrest him for allegedly selling cigarettes illegally. A grand jury later decided against indicting Pantaleo for Eric Garner’s death.

"I know we have Erica Garner issues but we don't want to mention Eric at all? I can see her coming after us for leaving him out of the piece," Clinton's traveling press secretary Nick Merrill wrote in an email.

Garner has been critical of President Barack Obama, New York City Mayor Bill de Blasio and other politicians since becoming an activist against police brutality following her father's death.

Arizona Teen Arrested For Disrupting iPhone 911 Emergency Services

An 18-year-old teenager from Arizona has been arrested after he disrupted the emergency 911 system for the Phoenix metro area and surrounding states this week with a malicious link shared on social media.

iPhone app developer MeetKumar Hiteshbhai Desai is accused of publishing Web links that caused iPhones to repeatedly dial 911.

Per authorities, Desai created a JavaScript exploit, which he shared with his friends on Twitter and other websites. The iPhones of users who clicked on the link shared by Desai automatically and repeatedly dialed 911. The volume of the calls allegedly put the responders and authorities "in immediate danger of losing services to their switches". Authorities said that, apart from Arizona, agencies in California and Texas were also affected.

An official press release from the Maricopa County's Sheriff's Office said: "The Surprise Police Department received the over (100) hang up 911 phone calls within a matter of minutes due to this cyber-attack and were in immediate danger of losing service to their switches. The Peoria Police Department and the Maricopa County Sheriff's Office also received a large volume of these repeated 911 hang up calls and had the potential danger of losing service throughout Maricopa County.” 

"Sheriff's Detectives were able to identify 'Meet' as the suspect behind the 911 disruption and was taken into custody and transported him to the Major Crimes Division for questioning late last night. Meet explained to Sheriff's detectives that he was interested in programs, bugs, and viruses which he could manipulate and change to later inform Apple about how to fix their bug issues for further iOS updates. He claimed that Apple would pay for information about bugs and viruses and provide that particular programmer with credit for the discovery."

Australian Red Cross suffers Massive Data Breach

In a major data breach, the personal details of more than half a million blood donors were compromised in a hack at the Australian Red Cross.

The compromised records, made up of registration data for 550,000 people from 2010 to 2016, included names, addresses, dates of birth, blood types, phone numbers and last donation dates.

Australian Red Cross Blood Service chief executive Shelly Park said at a press conference in Melbourne on Friday that the data had been accessed by an “unauthorised person”. She said access to the file had been shut down and that forensic experts were now helping the organisation with their investigation.

“The type of information included in the files include name, address, and personal details that come about from completing our short questionnaire, which is a bit like a gateway to see whether people can go ahead to donate blood. I wish to stress that this file does not contain the deep personal records of people’s medical history or of their test results. We are notifying donors as early as we believe we can, and we are notifying donors today”, said Park.

"It is vitally important that people who generously want to give blood are not deterred by this – every Australian may need a blood transfusion at some time and we hope people will continue to make their contribution and to feel confident that their personal details will be protected”, added Park.

Australia’s computer emergency response team, AusCERT, is also working with the organisation to address the problem. The Blood Service said it has already contacted the Australian cybersecurity centre, the federal police and the Information Commissioner's Office (ICO).

Russia Shrugs Off E-mail Breach Of Putin Aide's Account

Russia has brushed off hacking allegations and challenged the authenticity of leaked e-mails purportedly from the inbox of presidential aide Vladislav Surkov.

Hacking group ‘CyberHunta’ has published around 2300 emails from the period between September 2013 and November 2014, when the Russian military invaded Ukraine and annexed the territory of Crimea.

Kremlin spokesman Dmitry Peskov didn’t oppose the leaked documents but challenged their authenticity, saying that Surkov, a longtime adviser to President Vladimir Putin, "doesn't use electronic mail."

"I can tell you: This is not him," he said, referring to Surkov.

According to analyst Aric Toler from the Digital Forensic Research Lab, the hacked inbox was prm_surkova@gov.ru and was likely managed by Surkov's assistants as a work account. The hackers reportedly accessed the account by infiltrating the popular Yandex web portal.

Toler found that most of the emails were of little or no interest. However, he wrote that this "helps lend credibility to the email's authenticity." Some emails did include political briefings on the situation in Ukraine and a "calendar of announced events."

Ukraine's National Security Service (SBU) has claimed the contents of the leaks are real, although its experts warned the files may have been altered or tampered with in some way. However, a large number of the communications suggest they were handled by Surkov's underlings and include requests to pass the e-mails on to Surkov.

Surkov previously served as a key adviser to Putin on domestic political matters and currently advises the Russian president on the West-leaning former Soviet countries of Ukraine, Moldova, and Georgia.

Nude Photo Leaker Gets 18 months In Jail

A Pennsylvania resident has been sentenced to 18 months in jail for hacking the accounts of celebrities and leaking their nude photos and videos.

36-year-old Ryan Collins pleaded guilty in the Celebgate case and hacked more than 600 accounts, including those of famous actresses such as Jennifer Lawrence, Kate Upton, Scarlett Johansson, and Kirsten Dunst.

Collins had conducted a two-year raid from 2014 to 2016 that had netted him more than 100 logins to his victims’ Gmail and Apple email accounts.

Collins accessed at least 50 iCloud accounts and 72 Gmail accounts. Collins used a scheme called phishing, in which he could get victims to provide information about their accounts in response to emails that appeared to come directly from Apple and Google.

Collins is married and has two children. He is originally from Hershey, Pennsylvania, and currently lives in Lancaster.

New OLX App Enhances Security Features

The new OLX app is designed to enhance the security of users, especially women. OLX now comes with an enhanced security feature to help internet users who are vulnerable to spam calls and harassment.

The firm says that it will help increase the penetration of online classifieds across regions, age-groups, and categories. However, the most striking of the changes deals with security.

“With the intention of making the platform more secure, OLX has made it mandatory for all users — sellers and buyers — to register for accessing the platform,” it said. This is a marked change from current strategy in most classifieds sites. Users can register with either of the following: Facebook, Google+, and phone number. Social media logins will allow users to see mutual friends, apart from revealing the transaction history of other users, how long they have been using OLX, as well as their location.

“Mandatory log-ins will imply that there are no anonymous users on OLX anymore. It will increase the sense of familiarity amongst users,” said OLX, adding “Mandatory registration will especially help in bringing women users to OLX by providing a safer environment for them to transact in.” The other new feature, "Chat First, Restrictions on Calling", has made it easier to protect user privacy.

"With our new App, we have made significant improvements on three fronts in particular. First, features such as 'Chat First' are bold, industry-first moves that along with mandatory registration enhance the trustworthiness of the platform, making our users more secure. Second, by allowing users to see products closest to them, we have tried to provide an authentic hyper-local classifieds experience based on ease and simplicity," said Amarjit Singh Batra, CEO, OLX India in a statement.

The new app also comes with a "Snap and Post" feature that allows users to post an ad in as little as 10 seconds, and a "Hyper Local Experience" feature that helps users find great products in their vicinity, making transactions easier.

Celebgate: Hacker gets 18-Month Sentence

A Pennsylvania hacker who stole more than 100 Apple and Google e-mail accounts, including those of several Hollywood celebrities in 2014, has been sentenced to 18 months in federal prison.

In May this year, Ryan Collins, 36, pleaded guilty under the Computer Fraud and Abuse Act. He admitted to sending phishing e-mails to his victims for two years and obtaining a great deal of personal and confidential information, including nude photographs and videos.

He gained the e-mail passwords of many actors, like Jennifer Lawrence and Aubrey Plaza, and singers Rihanna and Avril Lavigne.

According to the Justice Department, between 2012 and 2014 Collins “engaged in a sophisticated phishing scheme.” In 2014, he circulated the nude celebrity pictures on the Internet. This incident came to the limelight again when Ken Bone admitted to viewing Lawrence's nude pictures on Reddit.

Pennsylvania US attorney Bruce Brandler said in a statement that “In some cases, Collins would use a software program to download the entire contents of the victims’ Apple iCloud backups. In addition, Collins ran a modeling scam in which he tricked his victims into sending him nude photographs.”

Investigators found that Collins had hacked at least 50 iCloud and 72 Gmail accounts, most of which belong to women celebrities. He had faced up to five years in jail and a $250,000 fine.

“The defendant intruded into the online accounts of hundreds of victims and in doing so, intruded upon their lives, causing lasting distress,” said Deirdre Fike, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “The prison sentence received by Mr. Collins is proof that hacking into the accounts of others and stealing private information or images is a crime with serious consequences.”



Hackers awarded $215,000 for hacking Nexus 6P, iPhone 6S

The Tencent Keen Security Lab team won $215,000 for finding security flaws in a fully updated and patched Nexus 6P at a mobile-only Pwn2Own competition.

The team from China accepted the challenge from the White Hat Hackers. Using a rogue app, they compromised the Nexus 6P through various Android bugs. The team also showed that many bugs are already present in a newly updated and modified version of the Nexus 6P phone. The team was able to access user data just by installing a rogue app on the phone. However, they failed to unlock the device.

Another milestone they achieved is that they got a malicious app to remain on the iPhone 6S system even after the device was rebooted. However, they failed to compromise the Galaxy S7 phone.

Their other accomplishments include successfully carrying out three attacks in the Sniper, Strength and Stealth categories. The Tencent Keen team first came to the limelight when they demonstrated how to take control of Tesla’s brakes from 12 miles away last month.

With a total of 45 points, the Tencent Keen Security Lab team claimed the title of Master of Pwn and were awarded $215,000.

As per the rules of Mobile Pwn2Own, "Google will be informed and alerted about the identified weaknesses in Nexus 6P and the Android system so that patches could be released."

Pwn2Own gives White Hat hackers an opportunity to showcase their hacking talent by defeating software or hardware, and it benefits both customers and manufacturers.

In the recent Pwn2Own competition, which was sponsored by Trend Micro, the phones that the hackers had to hack included the Nexus 6P, iPhone 6S and Samsung Galaxy S6.


Hospital Data In US Prone To Dark Web Attacks

It is now becoming easier for cyber criminals to steal hospital data and records or hold patient data for ransom. Cybercriminals are sneaking into more and more health insurance databases and hospital networks in recent years, stealing the personal health records of tens of millions of Americans.

Per industry experts, the reason behind this is that the health sector doesn’t protect its data. The hackers have apparently migrated to the health sector as the financial sector has pulled up its socks.

A report from the Institute for Critical Infrastructure Technology found that more than 113 million medical records were stolen in 2015. The report found that victims of the crimes receive limited or no help from the government or healthcare organizations because consumer protections are not well defined in the case of medical identity theft.

Large numbers of stolen patient records were posted for sale on the dark web, a hidden electronic black market, for years after the initial breach.

In some cases, hackers will infiltrate a system and then hold the data for ransom, demanding payment in money or in some cases in Bitcoins. This is called a "ransomware" attack.

The Hollywood Presbyterian Hospital in Los Angeles was hit by a ransomware attack and was forced to shut down until it could pay $17,000 to the hackers.

According to James Corman, Director of cyber statecraft at The Atlantic Council and a member of a Health and Human Services cybersecurity committee, this type of information is a stepping stone to other types of compromise later. "It could be your social security number, city of birth or other things you may use in bank security questions. It's all the stuff around your medical history”, said Corman.